v3.5 – API security hardening & usability optimizations – is available

Actually I wanted to save v3.5 to be released together with the pro version I am currently working on. But thanks to lots of user feedback, I decided to make a quick release with security, performance and usability enhancements.

One personal request: as WordPress added a new review feature for plugins hosted on wordpress.org, I kindly invite you to leave your opinion about my plugin at http://wordpress.org/support/view/plugin-reviews/leaflet-maps-marker.

If you want to keep up to date with the latest Maps Marker development, please follow @MapsMarker on twitter, on Facebook or Google+

And now let´s get into the highlights of v3.5:

option to disable global admin notices

Some users reported issues with the newly introduced check for marker icons and marker shadow image when using special WordPress settings. In case you dont want to see global admin notices from Leaflet Maps Marker anymore, you can now turn them off via Settings / Misc:

admin-notices

Please note that turning global admin notices off is not advised in general, as you won´t be notified about plugin incompatibilities discovered in future releases too.

optimized plugins total images size with Yahoo! Smush.it by 100kb

The default icon set has been optimized with Yahoo! Smush.it, resulting in 40k less load on marker edit pages. Please note that the optimized icons are only used for new installs as I didn´t want to overwrite the marker icon directory as many users have changed their default icon set. So in case you want to use the optimized icons too, please unzip mapicons.zip in /wp-content/plugins/leaflet-maps-marker/inc/img/mapicons/mapicons.zip to your default marker icon directory on your server (usually /wp-content/uploads/leaflet-maps-marker-icons/)

security hardening for API links to better prevent SQL injections

Thomas Petersen, www.pr3.dk, informed me about a potential security issue with API links by Leaflet Maps Marker. I couldn´t confirm this but in the process of analyzing I hardened the API links in order to prevent SQL injections even better than before (Leaflet Maps Marker was already successfully tested to ÖNORM 7700 and OWASP TOP 10 for security issues in the past).

Other changes/optimizations

  • improved performance for adding OSM edit link (use of jquery id selectors instead of class selectors)

Bugfixes

  • undefined index message on adding new recent marker widget
  • removed duplicate mapicons.zip (decreasing plugin size by 150kb)
  • xml address field in KML could become malformed on some installations

Translations updates

Thanks to many motivated contributors, v3.5 comes with the following translation updates:

Updated translations

If you want to contribute to translations (Persian would be great 😉 ), please visit http://translate.mapsmarker.com/projects/lmm for more information.

Outlook – my plans for the next release

I am still working on the pro version with a smooth transition from the free version – meaning an integrated updater ;-). It takes a bit longer as planned but as I want to keep quality high, I am sure you are willing to wait a bit more 🙂

A demo can be found here (not much to see yet beside Leaflet 0.5 integration as most changes so far took place in the backend).

Full changelog (show previous changelogs)

option to disable global admin notices (showing plugin compatibilities or marker icon directory warnings for example)
improved performance for adding OSM edit link
security hardening for API links to better prevent SQL injections
optimized plugins total images size with Yahoo! Smush.it by 100kb (optimized marker icons for new installs only automatically!)
undefined index message on adding new recent marker widget
removed duplicate mapicons.zip (decreasing plugin size by 150kb)
xml address field in KML could become malformed on some installations
updated Polish translation thanks to Tomasz Rudnicki, http://www.kochambieszczady.pl
updated Danish translation thanks to Mads Dyrmann Larsen
updated German translation

How to download / update 

You can download the latest version here. The easiest way to update is to use the WordPress update process: login with an user who has admin privileges, navigate to Dashboard / Updates, select plugins to update and press the button “Update Plugins”. Alternatively you can also download the current version here, unzip the package and overwrite the plugin´s files on your webserver.

Leave a Reply

Your email address will not be published. Required fields are marked *